Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[feature req] Kubernetes bearer token authentication #5

Closed
lorf opened this issue Sep 13, 2019 · 4 comments
Closed

[feature req] Kubernetes bearer token authentication #5

lorf opened this issue Sep 13, 2019 · 4 comments
Labels

Comments

@lorf
Copy link

@lorf lorf commented Sep 13, 2019

Please add the ability to authenticate to the cluster using bearer token auth. This will allow to simply create a ServiceAccount with required permissions using manifests and use it's token to authenticate KubeGraf to the cluster. For now it's required to create a user or sign a certificate which requires root access to the master nodes.

@SergeiSporyshev

This comment has been minimized.

Copy link
Collaborator

@SergeiSporyshev SergeiSporyshev commented Sep 13, 2019

Hi! Thank you for your issue.
We are working on it right now

@Kurmaev

This comment has been minimized.

Copy link

@Kurmaev Kurmaev commented Sep 21, 2019

@SergeiSporyshev Hi, i guess there is more easier way to achieve that w/o routes:

You can pass jsonData.httpHeaderName1 = "Authorization", secureJsonData.httpHeaderValue1 = 'Bearer bearer-token' to the datasource. Then grafana would append that by theirselve without additional pain / refactoring :)

@Kurmaev

This comment has been minimized.

Copy link

@Kurmaev Kurmaev commented Sep 21, 2019

@SergeiSporyshev For me, working conf looks like following:
curl '<grafana-endpoint>/api/datasources/6' -X PUT -H 'Cookie grafana-cookie' --data-binary '{"id":6,"orgId":1,"name":"Staging","type":"devopsprodidy-kubegraf-datasource","typeLogoUrl":"","access":"proxy","url":"<k8s-endpoint>","password":"","user":"","database":"","basicAuth":false,"basicAuthUser":"","basicAuthPassword":"","withCredentials":false,"isDefault":false,"jsonData":{"keepCookies":[],"prom_name":"Prometheus","refresh_pods_rate":"60","tlsSkipVerify":true, "httpHeaderName1": "Authorization"},"secureJsonData":{"httpHeaderValue1": "Bearer bearer-token-from-service-account-with-needed-perms"},"version":<your-version-id>,"readOnly":false}' --compressed

@SergeiSporyshev

This comment has been minimized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.